Here are some links with special characters that can be used to trick users in giving them their login details by creating an exact copy of the website with just a little . or , somewhere that we might not even notice if we are in a hurry.
https://tools.oratory.com/altcodes.html
http://www.doc.ic.ac.uk/~svb/chars.html
https://en.wikipedia.org/wiki/List_of_Unicode_characters
Notice all the possibilities with the letter A Now think of your paypal account for example if you are using paypal.
Imagine someone sends you a link or you find a link - https:/www.paypȧl.com, you might think its dirt on your screen, dead pixel or something.
I changed only one letter, look - https:/www.paypȧl.com
Like some users said, dont click on links suggested on google or something you received via email, social media. Typing the address yourself is a good tip. Bookmark, also a good tip.
Unfortunately saving the password in your browser is a bad idea. Password Stealers are designed to find this data as it is stored in different locations on your PC. Password managers are also being targeted so any software offering to keep your passwords for you can be subject to an attack.
Topic: !Be careful when logging in! - page 4. (Read 927 times)
Tip to avoid getting scamed:
Use a password manager, or just save passwords in your browser.
This way you never type your password again. If you are requested for it, that's not the website you are looking for.
Though it's a nice concept but saving passwords in browser is not safe either. Someone having access to your system can easily find the password or hackers can steal it too.Use a password manager, or just save passwords in your browser.
This way you never type your password again. If you are requested for it, that's not the website you are looking for.
Better to use 2FA for added security.
that is true.
it is best not to save passwords in your browser however it is not that simple to access stored passwords in browsers like Google Chrome and Firefox. they can also be password protected.
for example if you have a password for your system log in when you visit chrome://settings/passwords in your Chrome browser it will require you to input that password before it shows you sensitive information.
in Firefox you have to set a Master Password yourself from about:preferences#privacy
Tip to avoid getting scamed:
Use a password manager, or just save passwords in your browser.
This way you never type your password again. If you are requested for it, that's not the website you are looking for.
Though it's a nice concept but saving passwords in browser is not safe either. Someone having access to your system can easily find the password or hackers can steal it too.Use a password manager, or just save passwords in your browser.
This way you never type your password again. If you are requested for it, that's not the website you are looking for.
Better to use 2FA for added security.
Tip to avoid getting scamed:
Use a password manager, or just save passwords in your browser.
This way you never type your password again. If you are requested for it, that's not the website you are looking for.
Use a password manager, or just save passwords in your browser.
This way you never type your password again. If you are requested for it, that's not the website you are looking for.
Woah! This is something new. Thanks for the heads up and spreading awareness.
Using 2FA is kind of must if you are holding coins on any exchanges. It can secure your funds otherwise anyone can fall prey to such novel scams.
Using 2FA is kind of must if you are holding coins on any exchanges. It can secure your funds otherwise anyone can fall prey to such novel scams.
And always have 2 factor authentication activated.
2FA is very important.
additionally what i do is that i always bookmark these important websites and i open them through my bookmarks instead of clicking any links.
also a quick way to notice a fake site for me has always been based on their "zoom"! usually browsers remember the zoom level that you used on the websites. for example (if you haven't already) zoom in while seeing this topic then visit one of bitcointalk mirror/fake websites such as this one:
fake link: https://bitcointalksearch.org/topic/be-careful-when-logging-in-2981675
now you can clearly see it is a different website you are visiting based on its zoom alone.
Could any one please clarify what those '...' under Ns mean? How does that represent a risk?
This site is fake, pretending to be a real exchange. When you go to it, you don't pay attention to these dots and think that it is an actual binance platform. Then you enter your e-mail and password and they go to hackers who now can do anything with your account on an exchange.
Just google "phishing" for more examples, if it is still not clear.
Could any one please clarify what those '...' under Ns mean? How does that represent a risk?
https://i.imgur.com/Qf3nKiI.jpg
Be very careful where you enter your login data! HTTPS means nothing anymore.
Do you notice the small dots(.) below the letters n
If you enter your password in a fake site like that your coins and money are gone. And always have 2 factor authentication activated.
Stay Safe
Be very careful where you enter your login data! HTTPS means nothing anymore.
Do you notice the small dots(.) below the letters n
If you enter your password in a fake site like that your coins and money are gone. And always have 2 factor authentication activated.
Stay Safe
thanks for the info sir..simple tips but it matters a lot...godbless☺
Thanks for reminding us here. Very helpful post. Merit deserving?
Be very careful where you enter your login data! HTTPS means nothing anymore.
Do you notice the small dots(.) below the letters n
Do you notice the small dots(.) below the letters n
That's crazy! Thanks for the info. How did you access this fake site so I know not to do that? It looks pretty real other than those 2 dots under the n.
most likely he used google search or clicked link from shady websitethat's why it's a good idea to create bookmarks for your most visited/used sites and only open from bookmarks
If you enter your password in a fake site like that your coins and money are gone. And always have 2 factor authentication activated.
yes it's a good idea to activate 2FA, at least it will somewhat prevent them to steal your coinsand most exchanges already put security measure on withdrawal process requiring confirmation link sent to your email
If using Firefox, I strongly advice everyone to enable the option to show IDN domains using the long codification.
Open the address "about:config", find "punycode" and enable it:
And, more importantly, always type addresses yourselves. Never open them using received links.
It's trivial and free to get HTTPS for any domain you own, real or fake.
Read this: https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/
Open the address "about:config", find "punycode" and enable it:
And, more importantly, always type addresses yourselves. Never open them using received links.
Thank you very much for the alert. But I think that is not fake website, i have never seen a fake website with Https:// (Secure) Written. Maybe that dot (.) on your computer/Laptop 's home screen. I am not sure though. Btw thanks again.
You must learn more about HTTPS! It just means the information between you and the website is encrypted and, most of the times (unless the certificate is self-signed or provided by a fake authority), that the site owns the domain (any domain) you're browsing. If you're browsing a fake site then it means the website owns that fake domain, not the real one.It's trivial and free to get HTTPS for any domain you own, real or fake.
Read this: https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/
That's crazy! Thanks for the info. How did you access this fake site so I know not to do that? It looks pretty real other than those 2 dots under the n.
Well there's no way you can accidentally type that out, so it's most likely from an ad or a deliberate phishing attempt. Some people may be too lazy in typing out the full address, so they search for the exchange in Google and go for the first result, which could be a sponsored ad. Deliberate phishing attempts come from emails or messages that look like they legitimately come from the site, asking you to click a seemingly legit link to drop your guard.
The best way to not get duped into these is to type the addresses out yourself, and maybe bookmark them if you're absolutely sure your computer is clean.
This is a good example of script spoofing as described at https://en.wikipedia.org/wiki/IDN_homograph_attack. Internationalised domain names should never have been implemented in the first place. Users and administrators should disable it wherever it is encountered.
Great warning! A reminder to all of us to always triple check whenever we log in to an exchange!
Thank you very much for the alert. But I think that is not fake website, i have never seen a fake website with Https:// (Secure) Written. Maybe that dot (.) on your computer/Laptop 's home screen. I am not sure though. Btw thanks again.
That's crazy! Thanks for the info. How did you access this fake site so I know not to do that? It looks pretty real other than those 2 dots under the n.
Be very careful where you enter your login data! HTTPS means nothing anymore.
Do you notice the small dots(.) below the letters n
If you enter your password in a fake site like that your coins and money are gone. And always have 2 factor authentication activated.
Stay Safe
Jump to: